From 8a94c065951d8f90c0c8ec70b8d40fefef1e644f Mon Sep 17 00:00:00 2001 From: "William A. Kennington III" Date: Mon, 1 Dec 2014 17:19:06 -0800 Subject: [PATCH] nixos: Add network-pre.target and adjust firewall start ordering --- nixos/modules/services/networking/firewall.nix | 5 +++-- nixos/modules/system/boot/systemd.nix | 6 ++++++ .../tasks/network-interfaces-scripted.nix | 18 ++++++++++-------- nixos/modules/tasks/network-interfaces.nix | 4 +++- 4 files changed, 22 insertions(+), 11 deletions(-) diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index 51e1679ce4de..b129727087aa 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -458,8 +458,9 @@ in systemd.services.firewall = { description = "Firewall"; - wantedBy = [ "network.target" ]; - after = [ "network-interfaces.target" "systemd-modules-load.service" ]; + wantedBy = [ "network-pre.target" ]; + before = [ "network-pre.target" ]; + after = [ "systemd-modules-load.service" ]; path = [ pkgs.iptables ]; diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 80208c1525d5..78fe8c49fb05 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -36,6 +36,7 @@ let "graphical.target" "multi-user.target" "network.target" + "network-pre.target" "network-online.target" "nss-lookup.target" "nss-user-lookup.target" @@ -947,6 +948,11 @@ in systemd.targets.network-online.after = [ "ip-up.target" ]; + systemd.targets.network-pre = { + wantedBy = [ "network.target" ]; + before = [ "network.target" ]; + }; + systemd.targets.remote-fs-pre = { wantedBy = [ "remote-fs.target" ]; before = [ "remote-fs.target" ]; diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index a994e44c6ecf..316e2e33eec7 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix @@ -54,7 +54,7 @@ in networkSetup = { description = "Networking Setup"; - after = [ "network-interfaces.target" ]; + after = [ "network-interfaces.target" "network-pre.target" ]; before = [ "network.target" ]; wantedBy = [ "network.target" ]; @@ -105,7 +105,7 @@ in wantedBy = [ "network-interfaces.target" ]; before = [ "network-interfaces.target" ]; bindsTo = [ (subsystemDevice i.name) ]; - after = [ (subsystemDevice i.name) ]; + after = [ (subsystemDevice i.name) "network-pre.target" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; path = [ pkgs.iproute ]; @@ -155,7 +155,7 @@ in createTunDevice = i: nameValuePair "${i.name}-netdev" { description = "Virtual Network Interface ${i.name}"; requires = [ "dev-net-tun.device" ]; - after = [ "dev-net-tun.device" ]; + after = [ "dev-net-tun.device" "network-pre.target" ]; wantedBy = [ "network.target" (subsystemDevice i.name) ]; before = [ "network-interfaces.target" (subsystemDevice i.name) ]; path = [ pkgs.iproute ]; @@ -180,7 +180,8 @@ in { description = "Bridge Interface ${n}"; wantedBy = [ "network.target" (subsystemDevice n) ]; bindsTo = deps; - after = deps ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; + after = [ "network-pre.target" ] ++ deps + ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; before = [ "network-interfaces.target" (subsystemDevice n) ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; @@ -214,7 +215,8 @@ in { description = "Bond Interface ${n}"; wantedBy = [ "network.target" (subsystemDevice n) ]; bindsTo = deps; - after = deps ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; + after = [ "network-pre.target" ] ++ deps + ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; before = [ "network-interfaces.target" (subsystemDevice n) ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; @@ -250,7 +252,7 @@ in { description = "Vlan Interface ${n}"; wantedBy = [ "network.target" (subsystemDevice n) ]; bindsTo = deps; - after = deps; + after = [ "network-pre.target" ] ++ deps; before = [ "network-interfaces.target" (subsystemDevice n) ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; @@ -274,7 +276,7 @@ in { description = "6-to-4 Tunnel Interface ${n}"; wantedBy = [ "network.target" (subsystemDevice n) ]; bindsTo = deps; - after = deps; + after = [ "network-pre.target" ] ++ deps; before = [ "network-interfaces.target" (subsystemDevice n) ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; @@ -301,7 +303,7 @@ in { description = "Vlan Interface ${n}"; wantedBy = [ "network.target" (subsystemDevice n) ]; bindsTo = deps; - after = deps; + after = [ "network-pre.target" ] ++ deps; before = [ "network-interfaces.target" (subsystemDevice n) ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index e4b200ed534c..9c6c71a1dbb0 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -669,6 +669,7 @@ in { description = "All Network Interfaces"; wantedBy = [ "network.target" ]; before = [ "network.target" ]; + after = [ "network-pre.target" ]; unitConfig.X-StopOnReconfiguration = true; }; @@ -677,6 +678,7 @@ in description = "Extra networking commands."; before = [ "network.target" ]; wantedBy = [ "network.target" ]; + after = [ "network-pre.target" ]; unitConfig.ConditionCapability = "CAP_NET_ADMIN"; path = [ pkgs.iproute ]; serviceConfig.Type = "oneshot"; @@ -692,7 +694,7 @@ in wantedBy = [ "network-interfaces.target" ]; before = [ "network-interfaces.target" ]; bindsTo = [ (subsystemDevice i.name) ]; - after = [ (subsystemDevice i.name) ]; + after = [ (subsystemDevice i.name) "network-pre.target" ]; path = [ pkgs.iproute ]; serviceConfig = { Type = "oneshot";